GSSAPI contexts used in multiple threads
Ken Raeburn
raeburn at MIT.EDU
Tue Mar 4 16:12:12 EST 2008
On Mar 4, 2008, at 14:13, Russ Allbery wrote:
> It's quite possible that it does and that I'd just misunderstood the
> guarantees. OpenLDAP had trouble in the past but I think it was
> stable
> (if slow due to the replay cache) under load with a recent MIT
> Kerberos,
> but threading bugs can be hard to find even under heavy load.
Perhaps we should check if it's safe to not do replay caches in
certain cases (i.e., server-provided subkey always used in all known
protocols using a given service principal name) and make them default
to not using a replay cache.
It wouldn't surprise me if changing the krb5.conf config file while
the program is running could cause races, as several functions in our
library will re-read the config file when it changes, re-parse it,
etc., but I haven't reviewed if any of those functions are likely to
get called in the OpenLDAP case.
Ken
More information about the krbdev
mailing list